Staff Product Security Engineer

Karnataka, Bengaluru Bridge+ Unit No. 2

Applications have closed
Work Flexibility: Hybrid

Who We Want:

The Product Security Engineer will be a valued professional within the Stryker organization. They will lead efforts to design, execute, and continually improve the effectiveness of the vulnerability management processes for Stryker products. This Engineer will develop strategies and plans to create, sustain, and optimize the various aspects of vulnerability management including roles, processes, and technologies for Stryker medical devices and advanced solutions including AI, XR, and IoMT. This role will develop and optimize automated solutions for the generation of software bills of material, continuous vulnerability monitoring, and vulnerability resolution processes throughout the product lifecycle.

What You Will Do:

  • Create and own strategies that prioritize objectives for creating effective vulnerability management processes across the entire lifecycle of medical devices and associated solutions.
  • Develop efficient solutions for determining the disposition of vulnerabilities produced through internal assessments and analysis efforts throughout the product lifecycle.
  • Guide product development teams in completing overall vulnerability management procedures within a defined security risk management process.
  • Work with product teams and product security services teams to develop and optimize the generation, repositories, and version management of software bills of material (SBOM) for a variety of medical device technologies.
  • Design and implement SBOM configuration management solutions to enable continuous vulnerability management processes.
  • Develop and own the policy and process of coordinated vulnerability disclosure.
  • Review the current state and desired state of vulnerability assessment capabilities to define a roadmap of needed improvements.
  • Work with tool vendors to develop and implement vulnerability management solutions associated with in-market medical devices and health software products.
  • Develop standards and internal guidance for the timeliness of security patches for medical products and related systems.
  • Apply regulatory guidance and industry best practices to drive strategies for product security procedures and work instructions.
  • Provide product security guidance and leadership to internal taskforce teams.
  • Collaborate with product teams to assess security risks and drive design decisions for new products and related systems based on vulnerability assessment results.
  • Develop and deliver presentations and communications to clearly convey security topics up to the senior leadership level.
  • Collaborate with Stryker enterprise functions to leverage domain expertise and capabilities and identify areas of opportunity.
  • Recommend efficiency and process improvements to product security capabilities and functions.
  • Knowledge and Capabilities:
    • Demonstrated knowledge of various vulnerability management aspects including SBOM generation, vulnerability assessments, threat modeling, security risk assessment processes, and security patching best practices.
    • Proficient in identifying security vulnerabilities across several areas of computing such as cloud, distributed applications, embedded systems, or IoT.
    • Thorough understanding of the current revisions of NIST, ISO, and other related security frameworks, especially those that apply to vulnerability management.
    • Proven experience building successful working relationships with internal and external personnel in various departments.
    • Expertise in applying security control frameworks, security risk assessments, and scoring the severity of security threats and vulnerabilities.
    • Proficient in using one or more vulnerability scanning tools.
    • Proven expertise working with product development teams in a broad number of computing environments.
    • Excellent written and verbal communication skills.
    • Proven ability to facilitate meetings to accomplish goals and objectives in a collaborative environment.
    • Proven ability to develop and analyze procedural documents and associated artifacts.
    • Demonstrated ability to understand and communicate how objectives fit into broader organizational goals, prioritize tasks, and develop timelines and work estimates.

What You Will Need:

  • Bachelor's Degree in product security, computer science, mathematics, statistics, or related field
  • 8+ years of applicable (product) security work experience required.
  • Understands security risk management processes, preferably in the healthcare or medical device industry.
  • Direct experience working in a product focused vulnerability management process.
  • One or more active, industry recognized, and relevant cybersecurity certifications.

Travel Percentage: None

Tags: Cloud Computer Science IoT Mathematics Monitoring NIST Product security Risk assessment Risk management SBOM Vulnerabilities Vulnerability management

Region: Asia/Pacific
Country: India
